Author: ZmnSCPxj 2021-07-09 22:38:18
Published on: 2021-07-09T22:38:18+00:00
ZmnSCPxj responded to Jeremy Rubin's proposal for using Lamport signatures to make Bitcoin quantum-proof, noting that while Lamport signatures are resistant to quantum computing, they are also large in size. ZmnSCPxj suggested using Winternitz OTS instead, but noted that it requires some kind of limited-repeat construct that is not available in SCRIPT. Additionally, Merkle signatures trade off shorter pubkeys for longer signatures, which is a loss compared to Lamport in the modern post-SegWit Bitcoin context where both pubkeys and signatures are stored in the same witness area. Jeremy Rubin had proposed using OP_CAT or similar operations to sign an EC signature, making Bitcoin "quantum safe", but ZmnSCPxj pointed out that OP_CAT cannot be directly soft-forked to Segwit v0 because it modifies the stack, so a new opcode would be required. He provided a long script that could work, but noted that it is about 8560 bytes and could probably be made more efficient by expanding to a ternary representation with base 4 being optimal. Taproot is another possible option for making Bitcoin quantum-proof, as the commitment scheme can be securely opened to m even with a quantum computer. Additionally, Schnorr signatures have a stronger non-malleability property than ECDSA, making them binding to the approved transaction, and once Lamport signed, even a quantum computer could not steal the funds.
Updated on: 2023-06-15T00:16:02.727806+00:00